- Authentication SDK includes new ID Token Validation. If your application uses HS256 signing you should set either SigningAlgorithm to SigningAlgorithm.HS256 on requests you make to AuthenticationApiClient or switch to RS256 if your application is not confidential.

- Improved testing and mocking support. You can now mock `IAuthenticationConnection` / `IManagementConnection` classes to provide local unit-testing functionality for `AuthenticationApiClient` and `ManagementApiClient` respectively.

- Many classes moved namespace and assembly primarily ones in `Core` that were around paging. Visual Studio should be able to suggest where classes you were using now reside.

- Disposal is now consistent. If `AuthenticationApiClient` or `ManagementApiClient` create a connection for you they will manage its lifecycle. If you pass in a connection then it will be your responsibility to manage it. This also applies to how `HttpClientAuthenticationConnection` and `HttpClientManagementConnection` will only dispose of a `HttpClient` they create and not ones they are given.

- Rate Limiting information is now only available on the `RateLimitApiException` which is raised when the rate limit is exceeded.

- `ApiException` is now `ErrorApiException`. If you use the status code or error message on exception you will need to switch to catching the later. The former is now a base class that does not have this information but ensures any old catch `ApiException` will continue to catch rate limit exceptions which also now inherit from this class.

- Microsoft recommends `HttpClient` is reused as much as possible. Therefore you should use dependency injection or inversion of control to ensure that either a single instance of `AuthenticationApiClient` / `ManagementApiClient` or its connections `HttpClientXConnection` are created to ensure sharing. These classes are now thread-safe. You can additionally share `HttpClient` objects between them if you wish by injecting it into the `HttpClientXConnection` constructor.

- Connections now have DisplayName, Realms and IsDomainConnection properties.

Version 6.5.5 - Signup API result now handles custom databases returning variations of "id" name - Fix EnrollmentAuthMethod.Authenticator enum name - ClientBase now has property for `initiate_login_uri`

Version 6.5.1 - User and role permissions endpoints in UsersClient and RolesClient paging fix.

Version 6.5.0 - Assembly is now strong-name-signed so it can be used by other strong-name-signed packages. - NOTE: This is code signing only using a non-secret key. It is not authenticode or tamper protection. - User and role permissions endpoints in UsersClient and RolesClient now correctly honoring paging. - User model optional fields (CreatedAt, UpdatedAt, LastLogin) are now nullable.

Version 6.4.0 - TenantSettings lifetimes are now double not integer. - Added various Guardian-related endpoints on UserClient.

Version 6.1.0 - New user permission endpoints added to UsersClient - New role permission endpoints added to RolesClient - AuthenticationApiClient now implements IDisposable to dispose ApiConnection and HttpClient - Added various new and missing properties to Resource Servers (ResourceServerBase)

Version 6.0.0 - New GuardianClient for managing /guardian endpoints - New RolesClient for managing /roles endpoints - PasswordChangeTicket now has IncludeEmailInRedirect and MailEmailAsVerified - ApiConnection now has Dispose to dispose the HttpClient it creates - ManagementApiClient now has Dispose to dispose the ApiConnection it creates - XML documentation tweaks - Dependencies updated

- All I*Client interfaces have been removed so adding endpoints is no longer breaking - IManagementApi interface was removed so adding new clients is no longer breaking - All non-paging GetAll methods have been removed - DiagnosticsHeader/DiagnosticsComponent are no longer available